12 matches found
Buffer overflow
Multiple buffer overflows in contrib/pgcrypto in PostgreSQL before 9.0.19, 9.1.x before 9.1.15, 9.2.x before 9.2.10, 9.3.x before 9.3.6, and 9.4.x before 9.4.1 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors...
Amazon Linux AMI : postgresql92 / postgresql93,postgresql94 (ALAS-2015-609)
Multiple stack-based buffer overflows in json parsing in PostgreSQL before 9.3.x before 9.3.10 and 9.4.x before 9.4.5 allow attackers to cause a denial of service (server crash) via unspecified vectors, which are not properly handled in (1) json or (2) jsonb values. (CVE-2015-5289) The crypt function in...
Puppet Enterprise 3.x < 3.8.1 Multiple Vulnerabilities (Logjam)
According to its self-reported version number, the Puppet Enterprise application running on the remote host is 3.x prior to 3.8.1. It is, therefore, affected by the following vulnerabilities : - An XML external entity injection (XXE) flaw exists in the Apache ActiveMQ component due to a faulty...
SUSE SLED11 / SLES11 Security Update : postgresql91 (SUSE-SU-2015:1091-1)
This update provides PostgreSQL 9.1.18, which brings fixes for security issues and other enhancements. The following vulnerabilities have been fixed : CVE-2015-3165: Avoid possible crash when client disconnects. (bsc#931972) CVE-2015-3166: Consistently check for failure of the printf. (bsc#931973)...
SUSE SLED12 / SLES12 Security Update : postgresql93 (SUSE-SU-2015:0478-1)
postgresql93 was updated to version 9.3.6 to fix four security issues. These security issues were fixed : - CVE-2015-0241: Fix buffer overruns in to_char (bnc#916953). - CVE-2015-0243: Fix buffer overruns in contrib/pgcrypto (bnc#916953). - CVE-2015-0244: Fix possible loss of frontend/backend protocol...
Debian DSA-3155-1 : postgresql-9.1 - security update
Several vulnerabilities have been found in PostgreSQL-9.1, a SQL database system. - CVE-2014-8161: Information leak. A user with limited clearance on a table might have access to information in columns without SELECT rights through server error messages. - CVE-2015-0241: Out of boundaries...
openSUSE Security Update : postgresql (openSUSE-SU-2012:1299-1)
This version upgrade of PostgreSQL fixes the following issues : - Bugfix release 9.0.10 : - Fix planner's assignment of executor parameters, and fix executor's rescan logic for CTE plan nodes. - Improve page-splitting decisions in GiST indexes. - Fix cascading privilege revoke to stop if privileges a...
Code injection
PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, 9.0.x before 9.0.13, and 8.4.x before 8.4.17, when using OpenSSL, generates insufficiently random numbers, which might allow remote authenticated users to have an unspecified impact via vectors related to the "contrib/pgcrypto functions."...
[SECURITY] [DSA 2657-1] postgresql-8.4 security update
Debian Security Advisory DSA-2657-1 http://www.debian.org/security/ Giuseppe Iuculano April 04, 2013 http://www.debian.org/security/faq -...
DSA-2657-1 postgresql-8.4 - guessable random numbers
Bulletin has no description...
PostgreSQL -- anonymous remote access data corruption vulnerability
PostgreSQL project reports: The PostgreSQL Global Development Group has released a security update to all current versions of the PostgreSQL database system, including versions 9.2.4, 9.1.9, 9.0.13, and 8.4.17. This update fixes a high-exposure security vulnerability in versions 9.0 and later. Al...
Mandriva Linux Security Advisory : postgresql (MDVSA-2012:092)
Multiple vulnerabilities have been discovered and corrected in postgresql : Fix incorrect password transformation in contrib/pgcrypto's DES crypt function (Solar Designer). If a password string contained the byte value 0x80, the remainder of the password was ignored, causing the password to be much...